In networking, load balancers are traditionally used to distribute network and application traffic across a number of servers. In some networks, however, load balancers create a bottleneck in the path of the network traffic since both incoming and outgoing traffic have to pass through the load balancers. For example, in hosting systems, such as datacenters, where the north-south traffic is often asymmetric (i.e., the network traffic that leaves a hosting system is substantially more than the traffic that enters it), load balancers can cause significant disruption and inefficiency in network throughput. To get around this bottleneck, traditional load balancer vendors have used a technique called Direct Server Return (DSR) to be implemented by the load balancers, which modifies the traffic flow by permitting the server to respond directly to the client. The direct response to clients relieves the network load balancer of the need to handle the heavy return traffic.
DSR solutions, however, require special configuration on servers to process the outgoing traffic differently (in order to bypass the load balancer). For example, an L2 DSR solution requires defining specific loopback port addresses on the servers while an L3 DSR requires installing particular modules (e.g., kernel modules) on the servers for modifying the reverse flows. Additionally, the return traffic is invisible to a load balancer that employs a DSR technique (L2 or L3 DSR), a network connection (e.g., a TCP connection between a client and the load balancer) cannot be terminated at the load balancer. As such, a traditional DSR load balancer either cannot process higher network layer protocols (e.g., transport layer or application layer protocols), or if it can, the load balancer can cause serious security risks for the network (e.g., malicious network attacks such as DDoS attacks).